// Nomad job that runs a single Traefik instance as the HTTP/HTTPS edge proxy and
// registers it as a service whose tags carry Traefik's own router/middleware
// configuration (HTTP->HTTPS redirect, Authelia forward-auth, dashboard router).
job "traefik" {
  region = "global"
  datacenters = ["dc1"]
  type = "service"

  group "traefik" {
    count = 1

    // Fixed host ports. Together with network_mode = "host" in the task below,
    // the container shares the host's network namespace, so whatever Traefik
    // listens on is bound directly on the host.
    network {
      port "http" {
        static = 80
      }

      port "https" {
        static = 443
      }

      // NOTE(review): the entrypoint that listens on 8081 is defined in traefik.toml,
      // which is not visible here. If the API/dashboard is served on this port, it is
      // reachable on the host address without going through the "authelia" middleware
      // configured below, unless a firewall or a loopback-only bind restricts it. Confirm.
      port "api" {
        static = 8081
      }
    }

    service {
      name = "traefik"
      // The service is registered on the "api" port (8081)...
      port = "api"

      // ...but liveness is a plain TCP connect to the "http" port (80), so the check
      // reflects the web entrypoint rather than the API port.
      check {
        name = "alive"
        type = "tcp"
        port = "http"
        interval = "10s"
        timeout = "2s"
      }

      tags = [
        "traefik.enable=true",

        // Redirect all HTTP requests to HTTPS: a catch-all router on the "http"
        // entrypoint matches any host and applies a permanent redirect to https.
        "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true",
        "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https",
        "traefik.http.routers.http-catchall.entrypoints=http",
        "traefik.http.routers.http-catchall.rule=HostRegexp(`{any:.+}`)",
        "traefik.http.routers.http-catchall.middlewares=https-redirect",

        // Forward requests to protected services to Authelia. Remove this if not running Authelia.
        // NOTE(review): the address below has no host between "http://" and "/api/verify";
        // it looks like the Authelia host:port was lost or left as a blank to fill in.
        // The middleware cannot reach Authelia until a real address is supplied.
        // NOTE(review): the verify call uses plain http; that is only appropriate if the
        // path between Traefik and Authelia is a trusted local network. Confirm.
        "traefik.http.middlewares.authelia.forwardauth.address=http:///api/verify?rd=https://auth.arsenm.dev/",
        // trustForwardHeader=true makes Traefik pass through X-Forwarded-* headers that
        // arrived with the request instead of replacing them. This job binds 80/443
        // directly, so if no trusted proxy sits in front of it those headers are
        // client-controlled and Authelia would be deciding on values the client chose.
        // NOTE(review): set to false unless Traefik is only reachable via a trusted proxy.
        "traefik.http.middlewares.authelia.forwardauth.trustforwardheader=true",
        // Identity headers copied from Authelia's response onto the request sent to the
        // backend. Backends that trust Remote-User / Remote-Groups should be reachable
        // only through routers that use this middleware, never directly.
        "traefik.http.middlewares.authelia.forwardauth.authresponseheaders=Remote-User, Remote-Groups",

        // Expose Traefik API with authentication. Remove this if not running Authelia.
        // The router serves traefik.arsenm.dev over TLS using the "letsencrypt"
        // certificate resolver and applies the "authelia" middleware defined above.
        // NOTE(review): the "letsencrypt" resolver must be declared in traefik.toml (not
        // visible here). If the Authelia tags are removed, this router must be removed too,
        // otherwise the API would be published without authentication.
        "traefik.http.routers.traefik.rule=Host(`traefik.arsenm.dev`)",
        "traefik.http.routers.traefik.tls.certResolver=letsencrypt",
        "traefik.http.routers.traefik.middlewares=authelia",
      ]
    }

    task "traefik" {
      driver = "docker"

      config {
        // NOTE(review): "traefik:v2.2" is a mutable tag on an old minor release line.
        // Consider pinning by image digest and tracking a currently maintained release.
        image = "traefik:v2.2"
        // Host networking: no port mapping or network isolation between container and host.
        network_mode = "host"

        volumes = [
          // ACME storage on the host. This file holds the ACME account key and the
          // issued certificates' private keys, so it should be readable by its owner
          // only (Traefik expects mode 600 on this file).
          "/opt/traefik/acme.json:/acme.json",
          // Static configuration file mounted from the task's local/ directory.
          "local/traefik.toml:/etc/traefik/traefik.toml",
        ]
      }

      // NOTE(review): the template body is cut off at this point in this copy, so the
      // contents of the configuration it supplies cannot be reviewed here.
      template {
        data = <